A system may be configured to provide secure access to a physical resource through the use of a partitionable virtual input/output server in a virtualized environment. A server may receive a request to access the physical resources from a cloud tenant administrator. The cloud tenant may be assigned to a particular working load partition (WPAR), and the physical resources may be assigned to the particular WPAR. A remote Kerberos server may be accessed in response to the request. The Kerberos server may be hosted in a private domain, and it may be used to authenticate access to the physical resource. The server may receive a valid ticket from the Kerberos server. The administrator may be granted access to the physical resources via access to the WPAR, based on the valid ticket and for the lifetime of the ticket.